cvelist GitHub_M CVELIST:CVE-2020-15221
History: Jan 13, 2021 - 5:10 p.m.

CVE-2020-15221 XSS in the breadcrumbs

2021-01-13 17:10:15
CWE-79
GitHub_M
www.cve.org
4
itop
xss
vulnerability
breadcrumbs
fixed
versions

CVSS3: 6.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

AI Score: 6.2
Confidence: High

EPSS: 0.001
Percentile: 22.7%

Combodo iTop is a web-based IT Service Management tool. In iTop before versions 2.7.2 and 3.0.0, modifying the target browser's local storage can generate an XSS in the iTop console breadcrumb. This is fixed in versions 2.7.2 and 3.0.0.

CNA Affected

[
  {
    "product": "iTop",
    "vendor": "Combodo",
    "versions": [
      {
        "status": "affected",
        "version": "< 2.7.2"
      }
    ]
  }
]
